By default, sqlnet.ora is located in the $ORACLE_HOME/network/admin directory on UNIX operating systems and the ORACLE_HOME\network\admin directory on Windows operating systems. sqlnet.ora can also be stored in the directory specified by the TNS_ADMIN environment variable.

Profile Parameters

This section lists and describes the sqlnet.ora file parameters.

BEQUEATH_DETACH

Purpose

Use the parameter BEQUEATH_DETACH to turn signal handling on or off for UNIX systems.

Default

no

Values

yes to turn signal handling off

no to leave signal handling on

Example

BEQUEATH_DETACH=yes

DISABLE_OOB

Purpose

If turned off, the parameter DISABLE_OOB enables Oracle Net to send and receive "break" messages using urgent data provided by the underlying protocol.

If turned on, the parameter disables the ability to send and receive "break" messages using urgent data provided by the underlying protocol. Once enabled, this feature applies to all protocols used by this client.

See Also:

Operating system-specific documentation to determine if the protocols you are using support urgent data requests. TCP/IP is an example of a protocol that supports this feature.

Default

off

Example

DISABLE_OOB=on

LOG_DIRECTORY_CLIENT

Purpose

Use the parameter LOG_DIRECTORY_CLIENT to specify the destination directory for the client log file.

Default

Current directory from which the executable is started

Example

LOG_DIRECTORY_CLIENT=/oracle/network/log

LOG_DIRECTORY_SERVER

Purpose

Use the parameter LOG_DIRECTORY_SERVER to specify the destination directory for the database server log file.

Default

Current directory from which the executable is started

Example

LOG_DIRECTORY_SERVER=/oracle/network/log

LOG_FILE_CLIENT

Purpose

Use the parameter LOG_FILE_CLIENT to specify the name of the log file for the client.

Default

sqlnet.log

Example

LOG_FILE_CLIENT=client

LOG_FILE_SERVER

Purpose

Use the parameter LOG_FILE_SERVER to specify the name of the log file for the database server.

Default

sqlnet.log

Example

LOG_FILE_SERVER=svr.log

NAMES.CONNECT_TIMEOUT

Purpose

Use the parameter NAMES.CONNECT_TIMEOUT to specify the amount of time, in seconds, for the client to wait for a connection to an Oracle Names server to complete.

Default

3

Minimum Value

1

Maximum Value

600

Example

NAMES.CONNECT_TIMEOUT=8

NAMES.DCE.PREFIX

Purpose

Use the parameter NAMES.DCE.PREFIX to specify the Distributed Computing Environment (DCE) cell name (prefix) to use for name lookups.

Default

/.:/subsys/oracle/names

Example

NAMES.DCE.PREFIX=/.:/subsys/oracle/names

NAMES.DEFAULT_DOMAIN

Purpose

Use the parameter NAMES.DEFAULT_DOMAIN to set the domain from which the client most often looks up name resolution requests. When this parameter is set, the default domain name is automatically appended to any unqualified net service name or service name.

For example, if the default domain is set to us.acme.com, the connect string CONNECT scott/tiger@sales gets searched as sales.us.acme.com. If the connect string includes the domain extension, such as CONNECT scott/tiger@sales.acme.com, the domain is not appended.

Default

None

Example

NAMES.DEFAULT_DOMAIN=acme.com

NAMES.DIRECTORY_PATH

Purpose

Use the parameter NAMES.DIRECTORY_PATH to specify the order of the naming methods used for client name resolution lookups.

Example

NAMES.DIRECTORY_PATH=(tnsnames, onames)

NAMES.INITIAL_RETRY_TIMEOUT

Purpose

Use the parameter NAMES.INITIAL_RETRY_TIMEOUT to determine how long a client waits for a response from an Oracle Names server before reiterating the request to the next Oracle Names server in the preferred servers list.

Default

15

Minimum Value

1

Maximum Value

600

Example

NAMES.INITIAL_RETRY_TIMEOUT=20

NAMES.MAX_OPEN_CONNECTIONS

Purpose

Use the parameter NAMES.MAX_OPEN_CONNECTIONS to determine how many connections an Oracle Names client can have open at one time.

Default

10

Minimum Value

3

Maximum Value

64

Example

NAMES.MAX_OPEN_CONNECTIONS=3

NAMES.MESSAGE_POOL_START_SIZE

Purpose

Use the parameter NAMES.MESSAGE_POOL_START_SIZE to determine the initial number of messages allocated in the client message pool for message requests.

Default

Example

NAMES.REQUEST_RETRIES

Purpose

Use the parameter NAMES.REQUEST_RETRIES to specify the number of times the client should try each Oracle Names server in the list of preferred Oracle Names servers before allowing the operation to fail.

Default

1

Minimum Value

1

Maximum Value

5

Example

NAMES.REQUEST_RETRIES=5

NAMESCTL.ECHO

Purpose

If the parameter NAMESCTL.ECHO is set to true, then the Oracle Names Control utility echoes commands with prompts in the output. You can use this information to better interpret the output, especially when the Oracle Names Control utility is run with a command script. The commands from the script appear before their output.

Default

false

Values

true | false

Example

NAMESCTL.ECHO=true

When the QUERY . ns.smd command is entered in the Oracle Names Control utility, the output that follows displays. Notice that the QUERY . ns.smd command is echoed on the second line.

NAMESCTL.INTERNAL_ENCRYPT_PASSWORD

Purpose

If the parameter NAMESCTL.INTERNAL_ENCRYPT_PASSWORD is set to true, then the Oracle Names Control utility encrypts the password when it is sent to the Oracle Names server.

If set to false, the Oracle Names Control utility does not encrypt the password. A false setting enables unencrypted passwords to be set in the names.ora file with the NAMES.PASSWORD parameter.

Default

true

Values

true | false

Example

NAMESCTL.INTERNAL_ENCRYPT_PASSWORD=true

NAMESCTL.INTERNAL_USE

Purpose

If the parameter NAMESCTL.INTERNAL_USE is set to true, then the Oracle Names Control utility enables a set of internal undocumented commands. All internal commands are preceded by an underscore to distinguish them as internal.

Default

false

Values

true | false

Example

NAMESCTL.INTERNAL_USE=true

NAMESCTL.NO_INITIAL_SERVER

Purpose

If the parameter NAMESCTL.NO_INITIAL_SERVER is set to true, then the Oracle Names Control utility suppresses any error messages when the client is unable to connect to a default Oracle Names server.

Default

false

Values

true | false

Example

NAMESCTL.NO_INITIAL_SERVER=true

NAMESCTL.NOCONFIRM

Purpose

Use the parameter NAMESCTL.NOCONFIRM to indicate whether sensitive commands, such as STOP, RELOAD, and RESTART, should be prompted with a confirmation when running the Oracle Names Control utility.

Default

off

Values

on | off

Example

NAMESCTL.NOCONFIRM=on

NAMESCTL.SERVER_PASSWORD

Purpose

Use the parameter NAMESCTL.SERVER_PASSWORD to indicate the value that matches the configured password set in the names.ora file with the NAMES.PASSWORD parameter. This eliminates the need to enter the password with the SET PASSWORD command each time you use the Oracle Names Control utility to use secure commands, such as STOP, RESTART, and RELOAD.

Example

NAMESCTL.SERVER_PASSWORD=secret

NAMESCTL.TRACE_DIRECTORY

Purpose

Use the parameter NAMESCTL.TRACE_DIRECTORY to specify the directory where trace output from the Oracle Names Control utility is placed.

Default

The $ORACLE_HOME/network/trace directory on UNIX operating systems and the ORACLE_HOME\network\trace directory on Windows NT

Example

NAMESCTL.TRACE_DIRECTORY=/oracle/trace

NAMESCTL.TRACE_FILE

Purpose

Use the parameter NAMESCTL.TRACE_FILE to specify the file in which the Oracle Names Control utility trace output is placed.

Default

namesctl.trc

Example

NAMESCTL.TRACE_FILE=nmsctl

NAMESCTL.TRACE_LEVEL

Purpose

Use the parameter NAMESCTL.TRACE_LEVEL to turn Oracle Names Control utility tracing on, at a specific level, or off.

Default

off

Values

off for no trace output

user for user trace information

admin for administration trace information

support for Oracle Support Services trace information

Example

NAMESCTL.TRACE_LEVEL=admin

NAMESCTL.TRACE_TIMESTAMP

Purpose

When the parameter NAMESCTL.TRACE_LEVEL is set to a specific tracing level, you can use the parameter NAMESCTL.TRACE_TIMESTAMP to add a time stamp in the form of dd-mon-yyyy hh:mi:ss:mil to every trace event in the trace file for the Oracle Names Control utility.

Default

true

Values

yes or true | no or false

Example

NAMESCTL.TRACE_TIMESTAMP=false

NAMESCTL.TRACE_UNIQUE

Purpose

Use the parameter NAMESCTL.TRACE_UNIQUE to specify whether or not a unique trace file is created for each Oracle Names Control utility trace session. When the value is set to on, a process identifier is appended to the name of each trace file, enabling several files to coexist. For example, trace files named namesctlpid.trc are created if the default trace file name namesctl.trc is used. When the value is set to off, data from a new trace session overwrites the existing file.

Default

on

Values

on | off

Example

NAMESCTL.TRACE_UNIQUE=on

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE

Purpose

Use the parameter SQLNET.AUTHENTICATION_KERBEROS5_SERVICE to define the name of the service used to obtain a Kerberos service ticket.

SQLNET.AUTHENTICATION_GSSAPI_SERVICE

Purpose

SQLNET.AUTHENTICATION_SERVICES

Purpose

Use the parameter SQLNET.AUTHENTICATION_SERVICES to enable one or more authentication services. If authentication has been installed, it is recommended that this parameter be set to either none or to one of the authentication methods.

Default

None

Values

Authentication Methods Available with Oracle Net Services:

none for no authentication methods. A valid username and password can be used to access the database.

Example

SQLNET.AUTHENTICATION_SERVICES=(kerberos5, cybersafe)

SQLNET.CLIENT_REGISTRATION

Purpose

Use the parameter SQLNET.CLIENT_REGISTRATION to set a unique identifier for this client computer. This identifier is passed to the listener with any connection request and is included in the Audit Trail. The identifier can be any alphanumeric string up to 128 characters long.

Default

None

Example

SQLNET.CLIENT_REGISTRATION=1432

SQLNET.CRYPTO_CHECKSUM_CLIENT

Purpose

Use the parameter SQLNET.CRYPTO_CHECKSUM_CLIENT to specify the checksum behavior for the client.

SQLNET.CRYPTO_CHECKSUM_TYPE_SERVER

Purpose

Default

md5

Values

md5 for RSA Data Security's MD5 algorithm

sha1 for the Secure Hash algorithm

Example

SQLNET.CRYPTO_CHECKSUM_TYPE_SERVER=(md5)

SQLNET.CRYPTO_SEED

Purpose

Use the parameter SQLNET.CRYPTO_SEED to specify the characters used when generating cryptographic keys. The more random the characters are, the stronger the keys are. The string should be 10-70 random characters. This parameter is required when encryption or checksumming is turned on. Encryption is turned on if the SQLNET.ENCRYPTION_CLIENT parameter is specified for the client and the SQLNET.ENCRYPTION_SERVER parameter is specified for the database server; checksumming is turned on if the SQLNET.CRYPTO_CHECKSUM_CLIENT parameter is specified for the client and the SQLNET.CRYPTO_CHECKSUM_SERVER parameter is specified for the database server.

Example

SQLNET.ENCRYPTION_TYPES_SERVER=(rc4_56, des, ...)

SQLNET.EXPIRE_TIME

Purpose

Use the parameter SQLNET.EXPIRE_TIME to specify the time interval, in minutes, to send a probe to verify that client/server connections are active. Setting a value greater than 0 ensures that connections are not left open indefinitely due to an abnormal client termination. If the probe finds a terminated connection, or a connection that is no longer in use, it returns an error, causing the server process to exit. This parameter is primarily intended for the database server, which typically handles multiple connections at any one time.

Limitations on using this terminated connection detection feature are:

It is not allowed on bequeathed connections.

Though very small, a probe packet generates additional traffic that may downgrade network performance.

Depending on which operating system is in use, the server may need to perform additional processing to distinguish the connection probing event from other events that occur. This can also result in degraded network performance.

Default

0

Minimum Value

0

Recommended Value

10

Example

SQLNET.EXPIRE_TIME=10

SQLNET.INBOUND_CONNECT_TIMEOUT

Purpose

Use the SQLNET.INBOUND_CONNECT_TIMEOUT parameter to specify the time, in seconds, for a client to connect with the database server and provide the necessary authentication information.

If the client fails to establish a connection and complete authentication in the time specified, then the database server terminates the connection. In addition, the database server logs the IP address of the client and an ORA-12170: TNS:Connect timeout occurred error message to the sqlnet.log file. The client receives either an ORA-12547: TNS:lost contact or an ORA-12637: Packet receive failed error message.

Without this parameter, a client connection to the database server can stay open indefinitely without authentication. Connections without authentication can introduce possible denial-of-service attacks, whereby malicious clients attempt to flood database servers with connect requests that consume resources.

To protect both the database server and the listener, Oracle Corporation recommends setting this parameter in combination with the INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listener.ora file. When specifying values for these parameters, consider the following recommendations:

Set both parameters to an initial low value.

Set the value of the INBOUND_CONNECT_TIMEOUT_listener_name parameter to a lower value than the SQLNET.INBOUND_CONNECT_TIMEOUT parameter.

For example, you can set the INBOUND_CONNECT_TIMEOUT_listener_name parameter to 2 seconds and the SQLNET.INBOUND_CONNECT_TIMEOUT parameter to 3 seconds. If clients are unable to complete connections within the specified time due to system or network delays that are normal for the particular environment, then increment the time as needed.

SQLNET.KERBEROS5_CLOCKSKEW

Purpose

Default

300

Example

SQLNET.KERBEROS5_CLOCKSKEW=1200

SQLNET.KERBEROS5_CONF

Purpose

Use the parameter SQLNET.KERBEROS5_CONF to specify the complete path name to the Kerberos configuration file, which contains the realm for the default Key Distribution Center (KDC) and maps realms to KDC hosts. The KDC maintains a list of user principals and is contacted through the kinit program for the user's initial ticket.

Default

Example

SQLNET.KERBEROS5_CONF=/krb5/krb.conf

SQLNET.KERBEROS5_KEYTAB

Purpose

Use the parameter SQLNET.KERBEROS5_KEYTAB to specify the complete path name to the Kerberos principal/secret key mapping file, which is used to extract keys and decrypt incoming authentication information.

Purpose

Default

true

Values

true | false

Example

SSL_CLIENT_AUTHENTICATION=true

SSL_SERVER_DN_MATCH

Purpose

Use the parameter SSL_SERVER_DN_MATCH to enforce that the distinguished name (DN) for the database server matches its service name. If you enforce the match verification, then SSL ensures that the certificate is from the server. If you choose not to enforce the match verification, then SSL performs the check but allows the connection regardless of whether there is a match. Not enforcing the match allows the server to potentially fake its identity.

Syntax

Example

TCP.INVITED_NODES

Purpose

Use the parameter TCP.INVITED_NODES to specify which clients are allowed access to the database. This list takes precedence over the TCP.EXCLUDED_NODES parameter if both lists are present.

Syntax

TCP.INVITED_NODES=(hostname | ip_address, hostname | ip_address, ...)

Example

TCP.INVITED_NODES=(sales.us.acme.com, hr.us.acme.com, 144.185.5.73)

TCP.VALIDNODE_CHECKING

Purpose

Use the parameter TCP.VALIDNODE_CHECKING to check the TCP.INVITED_NODES and TCP.EXCLUDED_NODES parameters to determine which clients to allow or deny access.

Default

no

Values

yes | no

Example

TCP.VALIDNODE_CHECKING=yes
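The following audit sketch is an added example, not Oracle code. It parses single-line sqlnet.ora entries and reports the conditions this page describes for the NAMESCTL password parameters, SQLNET.EXPIRE_TIME, SQLNET.INBOUND_CONNECT_TIMEOUT and TCP.VALIDNODE_CHECKING. The sample file contents, the listener name LISTENER and all function names are assumptions made for illustration.

```python
import re

# Constructed sample configuration (not taken from a real system).
SAMPLE_SQLNET = """\
# constructed sample sqlnet.ora
NAMESCTL.SERVER_PASSWORD=secret
NAMESCTL.INTERNAL_ENCRYPT_PASSWORD=false
TCP.INVITED_NODES=(sales.us.acme.com, hr.us.acme.com, 144.185.5.73)
SQLNET.INBOUND_CONNECT_TIMEOUT=3
SQLNET.EXPIRE_TIME=10
"""
# Assumes a listener named LISTENER in listener.ora.
SAMPLE_LISTENER = "INBOUND_CONNECT_TIMEOUT_LISTENER=5\n"

PARAM_RE = re.compile(r"^([A-Za-z_][\w.]*)\s*=\s*(.*?)\s*$")


def parse_params(text):
    """Parse single-line NAME=value entries; '(a, b)' values become lists.

    Assumption: nested or multi-line values (indented continuation lines)
    are outside the scope of this sketch and are skipped.
    """
    params = {}
    for raw in text.splitlines():
        match = PARAM_RE.match(raw.split("#", 1)[0])  # drop comments
        if not match:
            continue
        name, value = match.group(1).upper(), match.group(2)
        if value.startswith("(") and value.endswith(")"):
            value = [v.strip() for v in value[1:-1].split(",") if v.strip()]
        params[name] = value
    return params


def _setting(params, name, default):
    return str(params.get(name, default)).lower()


def _number(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def audit(sqlnet_text, listener_text=""):
    """Return (parameter, finding) pairs for settings discussed on this page."""
    p, lsn = parse_params(sqlnet_text), parse_params(listener_text)
    out = []
    if "NAMESCTL.SERVER_PASSWORD" in p:
        out.append(("NAMESCTL.SERVER_PASSWORD",
                    "password is written in sqlnet.ora; restrict file access"))
    if _setting(p, "NAMESCTL.INTERNAL_ENCRYPT_PASSWORD", "true") == "false":
        out.append(("NAMESCTL.INTERNAL_ENCRYPT_PASSWORD",
                    "namesctl sends the password unencrypted"))
    # Node lists are only consulted when valid node checking is on (default no).
    has_list = "TCP.INVITED_NODES" in p or "TCP.EXCLUDED_NODES" in p
    if has_list and _setting(p, "TCP.VALIDNODE_CHECKING", "no") != "yes":
        out.append(("TCP.VALIDNODE_CHECKING", "node list set but checking is off"))
    server_to = _number(p.get("SQLNET.INBOUND_CONNECT_TIMEOUT"))
    if server_to is None:
        out.append(("SQLNET.INBOUND_CONNECT_TIMEOUT",
                    "unset: unauthenticated connections can stay open"))
    for name, value in lsn.items():
        lsn_to = _number(value)
        if (name.startswith("INBOUND_CONNECT_TIMEOUT_") and lsn_to is not None
                and server_to is not None and lsn_to >= server_to):
            out.append((name, f"{lsn_to}s should be lower than the "
                              f"server value of {server_to}s"))
    if (_number(p.get("SQLNET.EXPIRE_TIME")) or 0) <= 0:
        out.append(("SQLNET.EXPIRE_TIME", "0 or unset: no connection probing"))
    return out


if __name__ == "__main__":
    for parameter, finding in audit(SAMPLE_SQLNET, SAMPLE_LISTENER):
        print(f"{parameter}: {finding}")
```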

TCP.NODELAY

Purpose

Use the parameter TCP.NODELAY to preempt delays in buffer flushing within the TCP/IP protocol stack.

Default

no

Values

yes | no

Example

TCP.NODELAY=yes

TNSPING.TRACE_DIRECTORY

Purpose

Use the parameter TNSPING.TRACE_DIRECTORY to specify the destination directory for the TNSPING utility trace file, tnsping.trc.

Default

The $ORACLE_HOME/network/trace directory on UNIX operating systems and the ORACLE_HOME\network\trace directory on Windows operating systems

Example

TNSPING.TRACE_DIRECTORY=/oracle/traces

TNSPING.TRACE_LEVEL

Purpose

Use the parameter TNSPING.TRACE_LEVEL to turn TNSPING utility tracing on, at a specific level, or off.

Default

off

Values

off for no trace output

user for user trace information

admin for administration trace information

support for Oracle Support Services trace information

Example

TNSPING.TRACE_LEVEL=admin

TRACE_DIRECTORY_CLIENT

Purpose

Use the parameter TRACE_DIRECTORY_CLIENT to specify the destination directory for the client trace file.

Default

The $ORACLE_HOME/network/trace directory on UNIX operating systems and the ORACLE_HOME\network\trace directory on Windows operating systems

Example

TRACE_DIRECTORY_CLIENT=/oracle/traces

TRACE_DIRECTORY_SERVER

Purpose

Use the parameter TRACE_DIRECTORY_SERVER to specify the destination directory for the database server trace file.

Default

The $ORACLE_HOME/network/trace directory on UNIX operating systems and the ORACLE_HOME\network\trace directory on Windows NT

Example

TRACE_DIRECTORY_SERVER=/oracle/traces

TRACE_FILE_CLIENT

Purpose

Use the parameter TRACE_FILE_CLIENT to specify the name of the client trace file.

Default

sqlnet.trc

Example

TRACE_FILE_CLIENT=clientsqlnet.trc

TRACE_FILE_SERVER

Purpose

Use the parameter TRACE_FILE_SERVER to specify the name of the database server trace file.

Default

svr_pid.trc

Example

TRACE_FILE_SERVER=svrsqlnet.trc

TRACE_FILELEN_CLIENT

Purpose

Use the parameter TRACE_FILELEN_CLIENT to specify the size of the client trace files in kilobytes (KB). When the size is met, the trace information is written to the next file. The number of files is specified with the TRACE_FILENO_CLIENT parameter.

Example

TRACE_FILELEN_CLIENT=100

TRACE_FILELEN_SERVER

Purpose

Use the parameter TRACE_FILELEN_SERVER to specify the size of the database server trace files in kilobytes (KB). When the size is met, the trace information is written to the next file. The number of files is specified with the TRACE_FILENO_SERVER parameter.

Example

TRACE_FILELEN_SERVER=100

TRACE_FILENO_CLIENT

Purpose

Use the parameter TRACE_FILENO_CLIENT to specify the number of trace files for client tracing. When this parameter is set along with the TRACE_FILELEN_CLIENT parameter, trace files are used in a cyclical fashion. The first file is filled first, then the second file, and so on. When the last file has been filled, the first file is re-used, and so on.

The trace file names are distinguished from one another by their sequence number. For example, if the default trace file of sqlnet.trc is used, and this parameter is set to 3, the trace files would be named sqlnet1.trc, sqlnet2.trc and sqlnet3.trc.

In addition, trace events in the trace files are preceded by the sequence number of the file.

Default

None

Example

TRACE_FILENO_CLIENT=3

TRACE_FILENO_SERVER

Purpose

Use the parameter TRACE_FILENO_SERVER to specify the number of trace files for database server tracing. When this parameter is set along with the TRACE_FILELEN_SERVER parameter, trace files are used in a cyclical fashion. The first file is filled first, then the second file, and so on. When the last file has been filled, the first file is re-used, and so on.

The trace file names are distinguished from one another by their sequence number. For example, if the default trace file of svr_pid.trc is used, and this parameter is set to 3, the trace files would be named svr1_pid.trc, svr2_pid.trc and svr3_pid.trc.

In addition, trace events in the trace files are preceded by the sequence number of the file.

Default

None

Example

TRACE_FILENO_SERVER=3

TRACE_LEVEL_CLIENT

Purpose

Use the parameter TRACE_LEVEL_CLIENT to turn client tracing on, at a specific level, or off.

Default

off

Values

off for no trace output

user for user trace information

admin for administration trace information

support for Oracle Support Services trace information

Example

TRACE_LEVEL_CLIENT=user

TRACE_LEVEL_SERVER

Purpose

Use the parameter TRACE_LEVEL_SERVER to turn server tracing on, at a specific level, or off.

Default

off

Values

off for no trace output

user for user trace information

admin for administration trace information

support for Oracle Support Services trace information

Example

TRACE_LEVEL_SERVER=admin

TRACE_TIMESTAMP_CLIENT

Purpose

Use the parameter TRACE_TIMESTAMP_CLIENT to add a time stamp in the form of dd-mon-yyyy hh:mi:ss:mil to every trace event in the client trace file, which has a default name of sqlnet.trc.

Default

on

Values

on or true | off or false

Example

TRACE_TIMESTAMP_CLIENT=true

TRACE_TIMESTAMP_SERVER

Purpose

Use the parameter TRACE_TIMESTAMP_SERVER to add a time stamp in the form of dd-mon-yyyy hh:mi:ss:mil to every trace event in the database server trace file, which has a default name of svr_pid.trc.

Default

off

Values

on or true | off or false

Example

TRACE_TIMESTAMP_SERVER=true

TRACE_UNIQUE_CLIENT

Purpose

Use the parameter TRACE_UNIQUE_CLIENT to specify whether or not a unique trace file is created for each client trace session. When the value is set to on, a process identifier is appended to the name of each trace file, enabling several files to coexist. For example, trace files named sqlnetpid.trc are created if the default trace file name sqlnet.trc is used. When the value is set to off, data from a new client trace session overwrites the existing file.

Default

on

Values

on or off

Example

TRACE_UNIQUE_CLIENT=on

USE_CMAN

Purpose

If set to true, the parameter USE_CMAN routes the client to a protocol address for an Oracle Connection Manager.

The following example shows two address lists. While the first address list routes the client to an Oracle Connection Manager, the second address list routes the client directly to a listener.

Without USE_CMAN=true, the client picks one of the address lists at random and fails over to the other address list if the chosen ADDRESS_LIST fails. With USE_CMAN=true, the client always uses the first address list.

If no Oracle Connection Manager addresses are available, connections are routed through any available listener address.

Note:

If you are using Oracle Connection Manager with Oracle Names, this option must be set on clients and Oracle Names servers.

Default

false

Values

true | false

Example

USE_CMAN=true

USE_DEDICATED_SERVER

Purpose

If set to on, the parameter USE_DEDICATED_SERVER automatically appends (SERVER=dedicated) to the connect data for a connect descriptor. This way connections from this client use a dedicated server process, even if shared server is configured.

This parameter adds (SERVER=dedicated) to the CONNECT_DATA section of the connect descriptor used by the client. It overrides the current value of the SERVER parameter in the tnsnames.ora file.

If an Oracle wallet is stored in the Windows NT registry and the wallet's key (KEY) is SALESAPP, the storage location of the encrypted wallet is HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\EWALLET.P12. The storage location of the decrypted wallet is HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\CWALLET.SSO.